Review of Netgate SG-1100 coming?


#1

Very interested in how this firewall appliance performs…what is the basic throughput capability and OpenVPN performance? Is there enough horsepower to run pfBlockerNG and/or Suricata, and how do they affect overall performance? Would make a great YouTube video.


#2

We have one, just need to finish the testing on it. I will test it, but I don’t expect super fast Snort or Suricata on a device like this.


#3

I too am interested in this device and look forward to a review of it. Ultimately I think I’ll save my pennies and get an SG-3100 to be more future proof, but by the same token, being that I live in the middle of nowhere, I don’t expect to see gigabit anytime soon, so something that can reliably route 500-600 Mbps with IDS/IPS going would be really attractive.


#4

Tom, I know you have one and you said that you have a review forthcoming after you finish testing on it. I’m curious however if you could give us your gut “preview” of the device.

If it were running a home network, a couple of VLANs, IPv6, maybe pfBlocker-NG, and Suricata, could it keep up with a 400-500Mbps connection?

I’m tempted to order one to replace my EdgeRouter Lite, I just am hesitant because I can’t determine if it will keep up with my use case.


#5

It should route fine at that speed, but I really doubt it could run Suricata that fast. Suricata is resource intensive as it does a lot.


#6

Fair enough. That almost sounds like it wouldn’t be much of an upgrade in terms of pure performance from an ER-Lite then considering it can route 400-500Mbps as well (and more), but can’t run Suricata.

What would you suggest if I wanted to maintain those speeds and have Suricata? SG-3100?


#7

First question is, do you really need to run Suricata? We run it to block things that are coming at our servers because we host them behind pfSense. Using it for outbound daily use at home just creates a lot of false positives, but it is fun to play with.


#8

I have a few servers behind my firewall (web, email, TeamSpeak, my Synology NAS, UniFi Controller for various family UniFi things I manage). Do I need Suricata? No, I can probably accomplish everything I need to with pfBlocker-NG (namely locking those services down to only being accessible within the US…or better yet the Great Lakes region).

You are right, however: Suricata is fun to play with, but when I was running pfSense on an old Mac mini, I think Suricata was more of a pain due to the false positives than it was beneficial.

Are you suggesting I go to the SG-1100 because I don’t really need Suricata?


#9

Get what your budget will allow :slight_smile: The faster the better as it will be longer before you have to replace it again.


#10

Well, that’s problematic because my definition of the budget and the wife’s definition can vary greatly, which is why I’m trying to determine if I should go to the war department with a request for $150 or $350.

She always has her “request denied” stamp ready to go :stuck_out_tongue:

Gotta keep Momma happy after all! :joy:


#11

I’m excited for the review of the SG-1100. I’m holding off ordering one until Tom finishes his testing on it.